{"id":708,"date":"2018-07-08T00:18:03","date_gmt":"2018-07-07T17:18:03","guid":{"rendered":"https:\/\/lagonet.vn\/?p=708"},"modified":"2018-07-08T00:18:03","modified_gmt":"2018-07-07T17:18:03","slug":"syslog-ng","status":"publish","type":"post","link":"https:\/\/kb.lagonet.vn\/?p=708","title":{"rendered":"SYSLOG-NG"},"content":{"rendered":"<div class=\"wikipage searchable\">\n<div id=\"wikipage\">\n<p>Basically, we will:<\/p>\n<ul>\n<li>listen on UDP port 512 on the interfaces to the network hardware subnet and the Vigor&#8217;s subnet<\/li>\n<li>filter hosts by IP (because we are not using DNS for hardware hosts now)<\/li>\n<li>filter the Vigor by its internal router name &#8220;ITIM-office&#8221;<\/li>\n<li>put logs into\n<ul>\n<li>\/var\/log\/remote\/office\/switches\/$YEAR\/$YEAR-$MONTH-$DAY\/$HOST-$FACILITY-$YEAR$MONTH$DAY.log<\/li>\n<li>\/var\/log\/remote\/office\/access_points\/$YEAR\/$YEAR-$MONTH-$DAY\/$HOST-$FACILITY-$YEAR$MONTH$DAY.log<\/li>\n<li>\/var\/log\/remote\/office\/vigor\/$YEAR\/$YEAR-$MONTH-$DAY\/vigor-$FACILITY-$YEAR$MONTH$DAY.log<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"syslog-ng.confexample\">syslog-ng.conf example<\/h2>\n<pre class=\"wiki\">source s_udp {\n    udp(\n        ip(10.0.254.1)\n        port(514)\n        );\n};\n\nsource s_udp6 {\n    udp(\n        ip(10.0.0.2)\n        port(514)\n        );\n};\n\ndestination d_vigor {\n    file(\n        \"\/var\/log\/remote\/office\/vigor\/$YEAR\/$YEAR-$MONTH-$DAY\/vigor-$FACILITY-$YEAR$MONTH$DAY.log\"\n        owner(root) group(root) perm(0640) dir_perm(0750) create_dirs(yes)\n        );\n};\n\ndestination d_switches_o {\n    file(\n        \"\/var\/log\/remote\/office\/switches\/$YEAR\/$YEAR-$MONTH-$DAY\/$HOST-$FACILITY-$YEAR$MONTH$DAY.log\"\n        owner(root) group(root) perm(0640) dir_perm(0750) create_dirs(yes)\n        );\n};\n\ndestination 
d_ap_o {\n    file(\n        \"\/var\/log\/remote\/office\/access_points\/$YEAR\/$YEAR-$MONTH-$DAY\/$HOST-$FACILITY-$YEAR$MONTH$DAY.log\"\n        owner(root) group(root) perm(0640) dir_perm(0750) create_dirs(yes)\n        );\n};\n\nfilter f_vigor{ program(\"ITIM-office\"); };\n\nfilter f_switches_o{ host(\"^10\\.0\\.254\\.2$\"); };\n\nfilter f_ap_o{\n    host(\"^10\\.0\\.254\\.10$\") or\n    host(\"^10\\.0\\.254\\.11$\") or\n    host(\"^10\\.0\\.254\\.12$\") or\n    host(\"^10\\.0\\.254\\.13$\");\n};\n\nlog {\n    source(s_udp);\n    filter(f_vigor);\n    destination(d_vigor);\n};\n\nlog {\n    source(s_udp);\n    filter(f_switches_o);\n    destination(d_switches_o);\n};\n\nlog {\n    source(s_udp);\n    filter(f_ap_o);\n    destination(d_ap_o);\n};\n\n<\/pre>\n<\/div>\n<\/div>\n<div id=\"attachments\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Basically we will: to listen udp port 512 on interface to network hardware subnet, and vigor&#8217;s subnet to filter hosts [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-
position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[19,6],"tags":[],"class_list":["post-708","post","type-post","status-publish","format-standard","hentry","category-issues","category-networking"],"_links":{"self":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=708"}],"version-history":[{"count":0,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/708\/revisions"}],"wp:attachment":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}